docs: add token lifecycle to llms.txt #93
# Merge Pipeline - Run on merge to main
#
# Runs unit tests, lint, typecheck, then releases to npm.
# Integration tests (Docker API) are disabled until the API image is available.
name: Merge Pipeline

on:
  push:
    branches:
      - main
  # Allow manual trigger
  workflow_dispatch:
    inputs:
      # Lets a manual run stop after the tests; the release job's `if:` reads it.
      skip_release:
        description: "Skip release after tests"
        required: false
        default: "false"
        type: boolean

# Runs are grouped per ref. A newer run for the same ref does not cancel one
# that is already in progress.
concurrency:
  group: merge-${{ github.ref }}
  cancel-in-progress: false
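jobs:
  # ─────────────────────────────────────────────────────────────────────────────
  # Tests: Unit tests, lint, typecheck
  # ─────────────────────────────────────────────────────────────────────────────
  tests:
    name: "Tests"
    runs-on: ubuntu-latest
    timeout-minutes: 10
    # This job only reads the repository, so it gets a read-only token instead
    # of whatever the repository/organisation default grants.
    permissions:
      contents: read
    steps:
      # NOTE(review): both actions are referenced by a mutable tag (@v4);
      # consider pinning each to a full commit SHA.
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # The steps below run npm lifecycle scripts and project code; keep the
          # job token out of the checked-out repository's git config.
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      - name: Build all packages
        run: npm run build

      - name: Run unit tests
        run: npm run test:unit

      - name: Lint
        run: npm run lint

      - name: Type check
        run: npm run typecheck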
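# ─────────────────────────────────────────────────────────────────────────────
# Release (If tests pass)
# ─────────────────────────────────────────────────────────────────────────────
  release:
    name: "Release"
    needs: tests
    # Skipped when a manual run sets skip_release, and when the head commit
    # message starts with 'chore(release)'.
    # NOTE(review): the second check presumably stops the release commit from
    # triggering another release; confirm against the nx release configuration.
    if: |
      github.event.inputs.skip_release != 'true' &&
      !startsWith(github.event.head_commit.message, 'chore(release)')
    runs-on: ubuntu-latest
    # Elevated scopes are limited to this job.
    #   id-token: write     - OIDC token, used by `npm publish --provenance`
    #   contents: write     - presumably for what `nx release` pushes; confirm
    #   attestations: write - NOTE(review): no visible step uses it; drop if unneeded
    permissions:
      id-token: write
      contents: write
      attestations: write
    steps:
      # NOTE(review): both actions are referenced by a mutable tag (@v4) in a job
      # that can publish; consider pinning each to a full commit SHA.
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: 'npm'

      - name: Configure Git
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"

      # NOTE(review): `npm@latest` floats, and this job holds id-token and
      # contents write; consider pinning an exact, reviewed npm version.
      - name: Upgrade npm for OIDC
        run: npm install -g npm@latest

      - name: Install dependencies
        run: npm ci

      - name: Build all packages
        run: npm run build

      - name: Run tests (final verification)
        run: npm run test:unit

      - name: Release
        run: npx nx release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      # Publishes every package under packages/. Private packages and versions
      # already on the registry are skipped. Any other publish failure is
      # reported and fails the step after all packages have been attempted, so
      # an auth or provenance error no longer produces a green run.
      - name: Publish to npm
        run: |
          echo "Publishing packages to npm..."
          failed=0
          for pkg in packages/*/; do
            if [ -f "$pkg/package.json" ]; then
              pkgname=$(node -p "require('./$pkg/package.json').name")
              pkgver=$(node -p "require('./$pkg/package.json').version")
              pkgprivate=$(node -p "require('./$pkg/package.json').private === true")
              if [ "$pkgprivate" = "true" ]; then
                echo ">> Skipping private package: $pkgname"
                continue
              fi
              # Empty output means this exact version is not on the registry yet.
              published=$(npm view "$pkgname@$pkgver" version 2>/dev/null || true)
              if [ -n "$published" ]; then
                echo ">> Already published: $pkgname@$pkgver"
                continue
              fi
              echo "Publishing $pkgname@$pkgver..."
              if ! npm publish "$pkg" --access public --provenance; then
                echo "::error::Failed to publish $pkgname@$pkgver"
                failed=1
              fi
            fi
          done
          exit "$failed"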